CASE STUDY
OPTIMIZE SECURITY INCIDENT MANAGEMENT ON BUSINESS-CRITICAL IT ASSETS
RSA SIEM DEPLOYED FOR A LEADING MOBILE SERVICES OPERATOR

THE COMPANY
The company is part of one of the ten largest mobile phone operators in the world, with over 25 million subscribers, 24 million+ of whom were added in just 7 years. It holds a market share of over 25% in its geography of operations. The exponential growth of the last years has been driven by the introduction of innovative products and services targeting different market segments, aggressive improvement of network quality and the setting up of dedicated customer care: an overarching effort to create an extensive distribution network across the region.

THE BUSINESS CHALLENGES
With the addition of newer products and services and the massive expansion of the subscriber base in the last couple of years, the operator's IT infrastructure has had to grow equally rapidly. At this accelerated rate of growth, monitoring the critical IT assets and analyzing their security and health is a major concern. A strong brand that emotionally connects with customers takes years to establish, but losing trust and loyalty due to an interruption in services can take mere days. To provide their customers excellent and uninterrupted service, a centralized solution was required that could monitor all the business-critical devices: a solution designed to address an evolving IT infrastructure landscape, its threats and challenges; a solution tailored to deliver all-inclusive, beneficial and actionable insight into the occurrences in the enterprise IT environment.

Copyright © 2013 Grid Infocom Pvt. Ltd. All rights reserved.

THE TECHNICAL SITUATION
There are over 1000 devices spread across 5 geographic locations, monitored by approximately 20 different organizational units.
The identified critical servers and devices consisted of 3 web servers, 2 domain servers, 16 database servers, 40 routers, 400+ switches, 12 firewalls, 7 mail servers and many custom applications hosted on servers, and the operator's IT infrastructure is still growing. In order to manage such an infrastructure, the need for a centralized solution arose: a solution that could centrally monitor the health status of their business-critical IT assets and provide real-time monitoring and alerting against attacks and security breaches.

THE SOLUTION
As part of Grid Infocom's Enterprise Security & Compliance portfolio, the approach was to provide visibility into the health of IT assets to minimize risk and uphold compliance, and to maintain service levels by delivering world-class IT service. In our blueprint, we decided on implementing RSA's Security Information and Event Management (SIEM) solution. SIEM technology provides real-time analysis of security alerts generated by network hardware and applications. It offers log collection, alerting and correlation, incident management, and reporting and analysis for compliance.

DELIVERY METHODOLOGY
Our solution is based on the DDUO (Design, Deploy, Utilize and Optimize) service delivery model, supported by a best-of-breed project management approach to ensure the highest quality of delivery. DDUO has been developed over years of experience as a comprehensive service delivery model, delivering timely and cost-effective projects. We ensure the technical solution is closely aligned with business objectives by conducting key stakeholder mapping with our domain and technical experts. We also ensure solution adoption by users, and sign-off is obtained only after the desired project benefits start to accrue.
DESIGN
- Architecture proposal and finalization
- In order to achieve real-time alerting with zero downtime, a "log collection" solution was proposed that would work in enhanced-availability mode
- A distributed architecture was chosen and designed to map the current and future requirements
- Identified all the IT assets that were critical to the business
- Coordinated and guided the stakeholders and OUs to identify all the devices that were critical to, and directly impacting, the business, such as servers providing VAS services
- Approximately 500+ devices were identified in this exercise

DEPLOY
- Implemented the RSA enVision Security Information and Event Management (SIEM) solution as per the finalized design
- Revisited the design approach where required
- Advised on how to enable logs, i.e. which integration methodology would bind to and address all the business needs identified
- Integrated all the critical IT assets that had been identified
- Created custom reports and alerts

UTILIZE
- The solution monitors all the network traffic from external networks, providing alerts against attacks and malicious code
- Alerts have been crafted to monitor hardware and software failures
- The dashboard provides an overview of the activities on the critical device types
- The reports are configured to provide precise data on various activities on the device types
- Custom alerts were also created to monitor internal suspicious activities
- The SIEM solution's log management architecture supports compliance with the ISO 27001 standard
- Quickly capitalized on the initial snapshot: a guided and value-added approach to bring about an accelerated maturity of the SIEM solution
- Worked in close partnership with the client to identify the types of services running on each device
- Provided log enablement advisory services, for instance "what kind of logging to enable for the respective devices to start with"
- Provided consultancy on alerts and reports in the initial phase, depending on the kind of devices and logs that were enabled

OPTIMIZE
Through our association with the client, our consultants coached and guided their staff to analyze and assess the solution every 3 months, and based on their feedback we conducted exercises for the following:
- Fine-tuning of simple and correlated alerts against identified false positives
- Modification of existing reports
- Involving all the stakeholders to identify the requirement for new devices, alerts and reports

KEY BENEFITS & IMPACTS
The Security Information and Event Management solution delivers the visibility, insight and response capabilities that were required to detect and address health issues and threats in the client's vast IT landscape.
Some of the benefits that were derived post deployment:

01 Fully assimilated log management and SIEM: the client can now centrally monitor the health status of their business-critical IT assets, with the ability to accurately correlate, analyze and generate reports on the information required. The solution analyzes both real-time and historical data and presents information in views and reports intended to meet the diverse needs of different stakeholders in the client's organization.

02 Enterprise-wide network visibility (network, security, host, application and storage devices across the enterprise): the client is now able to monitor network traffic from external networks on their critical business servers. Almost immediately after solution deployment, the client detected a brute force attack on their Internet-facing router.

03 Ability to capture high-volume data: in-depth log collection, archiving and analysis of log data. With 70% data compression, the client can now perform forensic analysis on massive archives for incident investigation and remediation.

04 Powerful real-time alerting: with real-time monitoring, the client now receives alerts against attacks and security breaches, or when their critical assets are facing compliance issues or are not accessible.

05 Closed-loop vulnerability management: the client is also using RSA enVision to create a closed-loop process to manage vulnerability assessment, and receives vital inputs for their patch management process.

ABOUT GRID INFOCOM
Grid Infocom has its corporate office in Gurgaon, in the National Capital Region of India, with an international office in Singapore. Our suite of solutions helps organizations improve their existing level of services, achieve their business goals faster and derive greater value from their IT assets, thereby transforming IT from "business enabler" to "business game changer". What you get: performance that is multiplied, all at an affordable cost.
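The brute force detection on the Internet-facing router is the one concrete detection the case study reports, but the page does not describe the enVision rule that fired. The following Python script is an added illustration, not part of the case study and not RSA enVision's own correlation logic, of the two pieces of SIEM work the text names: a sliding-window correlation rule that raises an alert once one source address fails to log in to one device too many times in a short period (and escalates if that source then succeeds), and the per-source suppression list that the "fine-tuning ... against identified false positives" step maintains. The log lines are constructed in Cisco IOS %SEC_LOGIN style with RFC 5737 documentation addresses; the host name edge-rtr1, the thresholds and the suppressed scanner address 10.0.0.9 are assumptions.

```python
"""Sliding-window brute-force correlation over router login syslog.

Added illustration for the case study: thresholds, host name, addresses and
sample lines are assumptions, not client data or RSA enVision rules.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

FAIL_THRESHOLD = 5    # failures from one source address ...
WINDOW_SECONDS = 60   # ... within this many seconds raise an alert
# Sources whose failed logins are expected noise (e.g. an internal scanner).
# Maintaining this set is the false-positive tuning described under OPTIMIZE.
SUPPRESSED_SOURCES = {"10.0.0.9"}

# Cisco IOS %SEC_LOGIN message shape: severity 4 for failures, 5 for successes.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) .*?"
    r"%SEC_LOGIN-\d-(?P<event>LOGIN_FAILED|LOGIN_SUCCESS): .*?"
    r"\[user: (?P<user>[^\]]*)\] \[Source: (?P<src>[\d.]+)\]"
)


def parse_line(line):
    """Return the login event fields from one syslog line, or None if the
    line is not a %SEC_LOGIN message (other syslog is simply ignored)."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ev = m.groupdict()
    # Syslog timestamps carry no year; that is fine for within-window deltas.
    ev["ts"] = datetime.strptime(ev["ts"], "%b %d %H:%M:%S")
    return ev


def correlate(lines, threshold=FAIL_THRESHOLD, window=WINDOW_SECONDS,
              suppressed=SUPPRESSED_SOURCES):
    """Emit one 'high' alert per (device, source) once failures within the
    window reach the threshold, and a 'critical' alert if that source then
    logs in successfully (the brute force may have worked)."""
    recent = defaultdict(deque)   # (host, src) -> timestamps of failures in window
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["src"] in suppressed:
            continue
        key = (ev["host"], ev["src"])
        q = recent[key]
        if ev["event"] == "LOGIN_FAILED":
            q.append(ev["ts"])
            while (ev["ts"] - q[0]).total_seconds() > window:   # drop stale failures
                q.popleft()
            if len(q) >= threshold and key not in alerted:     # alert once per burst
                alerted.add(key)
                alerts.append({"severity": "high", "host": ev["host"], "src": ev["src"],
                               "failures": len(q), "window_s": window,
                               "first": q[0], "last": ev["ts"]})
        else:  # LOGIN_SUCCESS
            if key in alerted:
                alerts.append({"severity": "critical", "host": ev["host"], "src": ev["src"],
                               "user": ev["user"],
                               "detail": "successful login after brute-force alert"})
            q.clear()
    return alerts


def _ios(ts, seq, user, src, failed=True):
    """Build one constructed Cisco IOS-style %SEC_LOGIN line (sample data)."""
    body = (f"%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: {user}] [Source: {src}] "
            f"[localport: 22] [Reason: Login Authentication Failed]" if failed else
            f"%SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: {user}] [Source: {src}] "
            f"[localport: 22]")
    return f"Mar 10 {ts} edge-rtr1 {seq}: {body}"


# Constructed sample log, in the order the collector received it.
SAMPLE_LOGS = [
    # six failures in 20 s, then a success, from one Internet source
    *(_ios(f"09:00:{s:02d}", 100 + i, "admin", "203.0.113.5")
      for i, s in enumerate((1, 5, 9, 13, 17, 21))),
    _ios("09:00:30", 107, "admin", "203.0.113.5", failed=False),
    # unrelated syslog: ignored by the parser
    "Mar 10 09:00:40 edge-rtr1 108: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (203.0.113.5)",
    # three failures spread over four minutes: never reaches the threshold
    *(_ios(t, 109 + i, "ops", "198.51.100.7")
      for i, t in enumerate(("09:01:00", "09:03:00", "09:05:00"))),
    # five quick failures from the internal scanner: suppressed by tuning
    *(_ios(f"09:02:{2 * i:02d}", 112 + i, "scan", "10.0.0.9") for i in range(5)),
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

Run as is, the script prints two alerts for 203.0.113.5: a high-severity burst alert on the fifth failure and a critical alert when the same source logs in 13 seconds later; the slow failures from 198.51.100.7 and the scanner traffic from 10.0.0.9 produce nothing. Passing `suppressed=set()` shows why the tuning matters: the scanner then fires a third alert every time it runs. The success-after-burst escalation is the alert an analyst wants first, because it marks the case where the brute force may have succeeded rather than merely been attempted.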
With genuine global experience and leadership, we believe that we can draw on best practices and the best talent to offer our clients unequaled on-time service delivery at an affordable cost. The Grid Infocom team comprises a broad range of professionally accredited subject matter experts and a leadership team with many years of global business experience, focused on delivering competitive advantage to your business.

CORPORATE OFFICES
GRID INFOCOM PVT. LTD.
Plot No. 59, Sector 18, Gurgaon - 122015, INDIA
Tel.: +91 - 124 4942200

GRID INFOCOM PTE. LTD.
21 Science Park Road, #03-15 The Aquarius, Science Park II, Singapore 117628, SINGAPORE
Tel.: +65 6493 3997

Email: reachus@gridinfocom.com
www.gridinfocom.com